<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Get buckets API | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'ml-get-bucket.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/ml-get-bucket.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/ml-get-bucket.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/ml-get-bucket.html" rel="nofollow" target="_blank">../en/ml-get-bucket.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="rest-apis.html">REST APIs</a></span>
»
<span class="breadcrumb-link"><a href="ml-apis.html">Machine learning anomaly detection APIs</a></span>
»
<span class="breadcrumb-node">Get buckets API</span>
</div>
<div class="navheader">
<span class="prev">
<a href="ml-forecast.html">« Forecast jobs API</a>
</span>
<span class="next">
<a href="ml-get-calendar.html">Get calendars API »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="ml-get-bucket"></a>Get buckets API<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-bucket.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>

<p>Retrieves anomaly detection job results for one or more buckets.</p>
<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-bucket-request"></a>Request<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-bucket.asciidoc">edit</a>
</h3>
</div></div></div>
<p><code class="literal">GET _ml/anomaly_detectors/&lt;job_id&gt;/results/buckets</code><br></p>
<p><code class="literal">GET _ml/anomaly_detectors/&lt;job_id&gt;/results/buckets/&lt;timestamp&gt;</code></p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-bucket-prereqs"></a>Prerequisites<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-bucket.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="ulist itemizedlist">
<ul class="itemizedlist">
<li class="listitem">
If the Elasticsearch security features are enabled, you must have <code class="literal">monitor_ml</code>,
<code class="literal">monitor</code>, <code class="literal">manage_ml</code>, or <code class="literal">manage</code> cluster privileges to use this API. You also
need <code class="literal">read</code> index privilege on the index that stores the results. The
<code class="literal">machine_learning_admin</code> and <code class="literal">machine_learning_user</code> roles provide these
privileges. For more information, see
<a class="xref" href="security-privileges.html" title="Security privileges">Security privileges</a> and
<a class="xref" href="built-in-roles.html" title="Built-in roles">Built-in roles</a>.
</li>
</ul>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-bucket-desc"></a>Description<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-bucket.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The get buckets API presents a chronological view of the records, grouped by
bucket.</p>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-bucket-path-parms"></a>Path parameters<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-bucket.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">&lt;job_id&gt;</code>
</span>
</dt>
<dd>
(Required, string)
Identifier for the anomaly detection job.
</dd>
<dt>
<span class="term">
<code class="literal">&lt;timestamp&gt;</code>
</span>
</dt>
<dd>
(Optional, string) The timestamp of a single bucket result. If you do not
specify this parameter, the API returns information about all buckets.
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-bucket-request-body"></a>Request body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-bucket.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">anomaly_score</code>
</span>
</dt>
<dd>
(Optional, double) Returns buckets with anomaly scores greater or equal than
this value.
</dd>
<dt>
<span class="term">
<code class="literal">desc</code>
</span>
</dt>
<dd>
(Optional, boolean)
If true, the results are sorted in descending order.
</dd>
<dt>
<span class="term">
<code class="literal">end</code>
</span>
</dt>
<dd>
(Optional, string) Returns buckets with timestamps earlier than this time.
</dd>
<dt>
<span class="term">
<code class="literal">exclude_interim</code>
</span>
</dt>
<dd>
(Optional, boolean)
If <code class="literal">true</code>, the output excludes interim results. By default, interim results are
included.
</dd>
<dt>
<span class="term">
<code class="literal">expand</code>
</span>
</dt>
<dd>
(Optional, boolean) If true, the output includes anomaly records.
</dd>
<dt>
<span class="term">
<code class="literal">page</code>.<code class="literal">from</code>
</span>
</dt>
<dd>
(Optional, integer) Skips the specified number of buckets.
</dd>
<dt>
<span class="term">
<code class="literal">page</code>.<code class="literal">size</code>
</span>
</dt>
<dd>
(Optional, integer) Specifies the maximum number of buckets to obtain.
</dd>
<dt>
<span class="term">
<code class="literal">sort</code>
</span>
</dt>
<dd>
(Optional, string) Specifies the sort field for the requested buckets. By
default, the buckets are sorted by the <code class="literal">timestamp</code> field.
</dd>
<dt>
<span class="term">
<code class="literal">start</code>
</span>
</dt>
<dd>
(Optional, string) Returns buckets with timestamps after this time.
</dd>
</dl>
</div>
</div>

<div class="section child_attributes">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-bucket-results"></a>Response body<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-bucket.asciidoc">edit</a>
</h3>
</div></div></div>
<p>The API returns an array of bucket objects, which have the following properties:</p>
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">anomaly_score</code>
</span>
</dt>
<dd>
(number) The maximum anomaly score, between 0-100, for any of the bucket
influencers. This is an overall, rate-limited score for the job. All the anomaly
records in the bucket contribute to this score. This value might be updated as
new data is analyzed.
</dd>
<dt>
<span class="term">
<code class="literal">bucket_influencers</code>
</span>
</dt>
<dd>
<p>
(array) An array of bucket influencer objects.
</p>
<details open>
<summary class="title">Properties of <code class="literal">bucket_influencers</code></summary>
<div class="content">
<div class="variablelist">
<dl class="variablelist">
<dt>
<span class="term">
<code class="literal">anomaly_score</code>
</span>
</dt>
<dd>
(number) A normalized score between 0-100, which is calculated for each bucket
influencer. This score might be updated as newer data is analyzed.
</dd>
<dt>
<span class="term">
<code class="literal">bucket_span</code>
</span>
</dt>
<dd>
(number)
The length of the bucket in seconds. This value matches the <code class="literal">bucket_span</code>
that is specified in the job.
</dd>
<dt>
<span class="term">
<code class="literal">initial_anomaly_score</code>
</span>
</dt>
<dd>
(number) The score between 0-100 for each bucket influencer. This score is the
initial value that was calculated at the time the bucket was processed.
</dd>
<dt>
<span class="term">
<code class="literal">influencer_field_name</code>
</span>
</dt>
<dd>
(string) The field name of the influencer.
</dd>
<dt>
<span class="term">
<code class="literal">influencer_field_value</code>
</span>
</dt>
<dd>
(string) The field value of the influencer.
</dd>
<dt>
<span class="term">
<code class="literal">is_interim</code>
</span>
</dt>
<dd>
(boolean)
If <code class="literal">true</code>, this is an interim result. In other words, the results are calculated
based on partial input data.
</dd>
<dt>
<span class="term">
<code class="literal">job_id</code>
</span>
</dt>
<dd>
(string)
Identifier for the anomaly detection job.
</dd>
<dt>
<span class="term">
<code class="literal">probability</code>
</span>
</dt>
<dd>
(number) The probability that the bucket has this behavior, in the range 0 to 1.
This value can be held to a high precision of over 300 decimal places, so the
<code class="literal">anomaly_score</code> is provided as a human-readable and friendly interpretation of
this.
</dd>
<dt>
<span class="term">
<code class="literal">raw_anomaly_score</code>
</span>
</dt>
<dd>
(number) Internal.
</dd>
<dt>
<span class="term">
<code class="literal">result_type</code>
</span>
</dt>
<dd>
(string) Internal. This value is always set to <code class="literal">bucket_influencer</code>.
</dd>
<dt>
<span class="term">
<code class="literal">timestamp</code>
</span>
</dt>
<dd>
(date) The start time of the bucket for which these results were calculated.
</dd>
</dl>
</div>
</div>
</details>
</dd>
<dt>
<span class="term">
<code class="literal">bucket_span</code>
</span>
</dt>
<dd>
(number)
The length of the bucket in seconds. This value matches the <code class="literal">bucket_span</code>
that is specified in the job.
</dd>
<dt>
<span class="term">
<code class="literal">event_count</code>
</span>
</dt>
<dd>
(number) The number of input data records processed in this bucket.
</dd>
<dt>
<span class="term">
<code class="literal">initial_anomaly_score</code>
</span>
</dt>
<dd>
(number) The maximum <code class="literal">anomaly_score</code> for any of the bucket influencers. This is
the initial value that was calculated at the time the bucket was processed.
</dd>
<dt>
<span class="term">
<code class="literal">is_interim</code>
</span>
</dt>
<dd>
(boolean)
If <code class="literal">true</code>, this is an interim result. In other words, the results are calculated
based on partial input data.
</dd>
<dt>
<span class="term">
<code class="literal">job_id</code>
</span>
</dt>
<dd>
(string)
Identifier for the anomaly detection job.
</dd>
<dt>
<span class="term">
<code class="literal">processing_time_ms</code>
</span>
</dt>
<dd>
(number) The amount of time, in milliseconds, that it took to analyze the bucket
contents and calculate results.
</dd>
<dt>
<span class="term">
<code class="literal">result_type</code>
</span>
</dt>
<dd>
(string) Internal. This value is always set to <code class="literal">bucket</code>.
</dd>
<dt>
<span class="term">
<code class="literal">timestamp</code>
</span>
</dt>
<dd>
<p>
(date) The start time of the bucket. This timestamp uniquely identifies the
bucket.
</p>
<div class="note admon">
<div class="icon"></div>
<div class="admon_content">
<p>Events that occur exactly at the timestamp of the bucket are included in
the results for the bucket.</p>
</div>
</div>
</dd>
</dl>
</div>
</div>

<div class="section">
<div class="titlepage"><div><div>
<h3 class="title">
<a id="ml-get-bucket-example"></a>Examples<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/docs/reference/ml/anomaly-detection/apis/get-bucket.asciidoc">edit</a>
</h3>
</div></div></div>
<div class="pre_wrapper lang-console">
<pre class="programlisting prettyprint lang-console">GET _ml/anomaly_detectors/low_request_rate/results/buckets
{
  "anomaly_score": 80,
  "start": "1454530200001"
}</pre>
</div>
<div class="console_widget" data-snippet="snippets/1818.console"></div>
<p>In this example, the API returns a single result that matches the specified
score and time constraints:</p>
<div class="pre_wrapper lang-js">
<pre class="programlisting prettyprint lang-js">{
  "count" : 1,
  "buckets" : [
    {
      "job_id" : "low_request_rate",
      "timestamp" : 1578398400000,
      "anomaly_score" : 91.58505459594764,
      "bucket_span" : 3600,
      "initial_anomaly_score" : 91.58505459594764,
      "event_count" : 0,
      "is_interim" : false,
      "bucket_influencers" : [
        {
          "job_id" : "low_request_rate",
          "result_type" : "bucket_influencer",
          "influencer_field_name" : "bucket_time",
          "initial_anomaly_score" : 91.58505459594764,
          "anomaly_score" : 91.58505459594764,
          "raw_anomaly_score" : 0.5758246639716365,
          "probability" : 1.7340849573442696E-4,
          "timestamp" : 1578398400000,
          "bucket_span" : 3600,
          "is_interim" : false
        }
      ],
      "processing_time_ms" : 0,
      "result_type" : "bucket"
    }
  ]
}</pre>
</div>
</div>

</div>
<div class="navfooter">
<span class="prev">
<a href="ml-forecast.html">« Forecast jobs API</a>
</span>
<span class="next">
<a href="ml-get-calendar.html">Get calendars API »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>